Wednesday, July 31, 2013

NSA 's XKeyscore - one click real time access to basically every internet activity....

http://rt.com/news/xkeyscore-nsa-snowden-prism-858/


NSA's XKeyscore gives one-click real-time access to almost any internet activity

Published time: July 31, 2013 16:31
Edited time: July 31, 2013 20:34

The map of XKeyscore servers from a 2008 presentation (Image from theguardian.com)
The map of XKeyscore servers from a 2008 presentation (Image from theguardian.com)
New revelations about NSA surveillance systems show that it was enough to fill in a short ‘justification’ form before gaining access to any of billions of emails, online chats, or site visit histories through a vast aggregation program called XKeyscore.
The structure of XKeyscore, leaked by the UK’s Guardiannewspaper, is sourced from a classified internal presentation from 2008 and a more recent Unofficial User Guide, presumably obtained by Edward Snowden when he was a contractor for the National Security Agency in the past year.
image from www.theguardian.com
image from www.theguardian.com

It shows that XKeyscore – then located on 750 servers around 150 sites worldwide – is a vast collection and storage program that served as the entry point for most information that was collected by the NSA. The Guardian claims that in one 30-day period in 2012 the program acquired 41 billion records. 
The information is not just metadata – depersonalized analytical usage statistics that allow spies to spot patterns – but includes almost all types of personal information. Using any piece of personal data on a subject – an email address, or the IP address of a computer – an agent could look up all online user activities, such as Google map searches, website visits, documents sent through the internet or online conversations. The service operates both, in real time, and using a database of recently stored information.
image from www.theguardian.com
image from www.theguardian.com

All that appears to have been necessary to log into the system is to fill in a compulsory line on a form that gave a reason for why a certain person needed to be investigated. The form was not automatically scanned by the system or a supervisor, and did not require a US legal warrant, as long as the person whose name was typed in was a foreigner (even if his interactions were with a US citizen). 
The slides appear to vindicate security specialist Edward Snowden’s claims made during the original video he recorded in Hong Kong last month. 
"I, sitting at my desk, could wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email," he alleged then. 
Mike Rogers, the Republican chairman of the House intelligence committee later said that Snowden was “lying”. 
Edward Snowden and Mike Rogers.(AFP Photo / The Guardian / Mandel Ngan)
Edward Snowden and Mike Rogers.(AFP Photo / The Guardian / Mandel Ngan)


The NSA has issued a statement to the Guardian, which does not now appear to deny the capabilities of XKeyscore, but merely to defend its use. 
"NSA's activities are focused and specifically deployed against – and only against – legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests,” said the NSA. 
It appears to have been enough to just type a one-line justification before commencing any search (Image from theguardian.com)
It appears to have been enough to just type a one-line justification before commencing any search (Image from theguardian.com)

User-friendly global spying

What strikes an outsider as particularly astonishing is the integration, user-friendliness and functional variety provided by the XKeyscore suite, as seen in the available slides (and its capabilities may have expanded significantly in the intervening years). 
The presentation makes XKeyscore appear little more complicated than a search engine – but one that can find almost anything. After the heading “What can you do with XKeyscore?” the slides outline ways in which the system can fish useful information out of the morass of internet noise.
The presentation gives examples of possible questions that can be answered with the aid of the search abilities provided:
  • My target speaks German, but is in Pakistan, how can I find him? 
  • I have a jihadist document that has been passed around through numerous people, who wrote this and where were they? 
  • My target uses Google maps to scope target locations – can I use this information to determine his email address? 
The document then goes on to show that even basic facts do not need to be known to root out potential terrorists, with the system offering a nuanced analysis of “anomalous” behavior that makes a suspect stand out.
Once information has been fished out, it can be categorized using a selection of plug-ins that index user activity, including all the emails, phone numbers and sites that suspect has come into contact with.
image from www.theguardian.com
image from www.theguardian.com


While XKeyscore collects so much data that it has to be wiped within days, anything useful be stored on a smaller, though still sizeable database called Pinwale that keeps records for up to five years.
The presentation boasts that 300 terrorists were caught with XKeyscore in the years leading up to 2008.

While Fisa regulations mean that US citizens can only be clandestinely observed with a warrant, the search does not always identify the nationality of those it spies on, and in any case, having a foreign contact is sufficient to expand the search to a large proportion of US citizens.
And while they are not the stated target of XKeyscore, communications between ordinary Americans, whether those pass through domestic and international servers, are inevitably caught in the net.
Technically, a person with access to the system could just as easily spy on an American within a few clicks, as they could on a foreigner, though this would be illegal.
In last month’s Guardian interview Snowden insisted that there was nothing stopping this from happening.
"It's very rare to be questioned on our searches, and even when we are, it's usually along the lines of 'let's bulk up the justification'," he claimed. While NSA officials have admitted "a number of compliance problems", which they say were not made “in bad faith”, they say the latest revelations are not proof that the system is illegal vulnerable to abuse.
"Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks … In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring," said the NSA statement.
"These types of programs allow us to collect the information that enables us to perform our missions successfully – to defend the nation and to protect US and allied troops abroad."



NSA director booed during ‘unconvincing’ hacker conference speech

Published time: August 01, 2013 02:52
General Keith Alexander, director of the National Security Agency (Reuters / Steve Marcus)
General Keith Alexander, director of the National Security Agency (Reuters / Steve Marcus)
National Security Agency Director Keith Alexander was jeered as he pleaded with professional hackers and cyber-security experts to reconsider the indiscriminate NSA surveillance during a speech at the annual Black Hat conference in Las Vegas, Nevada.
Alexander claimed that the surveillance methods, disclosed by former NSA contractor Edward Snowden, have been mischaracterized by the media and are subject to rigorous government oversight. He was approximately 30 minutes into his speech when an audience member, later revealed to be 30-year-old security consultant Jon McCoy, shouted “Freedom!” 
Exactly,” Alexander replied from the stage. “We stand for freedom.”
Bullshit!” McCoy said.
Not bad,” the NSA director retorted. “But I think what you’re saying is that in these cases, what’s the distinction, where’s the discussion and what tools do we have to stop this.” 
No, I’m saying I don’t trust you,” McCoy said over applause. 
You lied to Congress,” another voice jumped in. “Why would people believe you’re not lying to us right now?” 
I haven’t lied to Congress,” said Alexander, who is notoriously press averse. “I do think it’s important for us to have this discussion. Because in my opinion, what you believe is what’s written in the press without looking at the facts. This is the greatest technical center of gravity in the world. I ask that you all look at those facts.” 
Hacker Karsten Nohl, who attended the conference, told RT that Alexander’s speech, while applauded by supporters, offered little new information in his defense of the program. 
I think General Alexander’s aim was to reach out to the community and start a dialog with security experts, or at the very least make it look as if he did,” he said. “He came out saying that he wanted to share new information but really all that he did was to confirm what everybody had already known.” 
He emphasized over and over again that they are just collecting it but not actually looking at it except for in very few cases and the few he mentioned were terrorism cases,” Nohl continued. “Of course that now leads to all kinds of criticisms in terms of trust the NSA to have this data and not using it. To me, at least, that was not very convincing.”
The general was asked to give the keynote address before Snowden revealed the existence of the PRISM and Tempora electronic programs as well as orders directing Verizon Communications to turn over the phone records for millions of Americans. Black Hat organizers told CBS Alexander could have opted out of the conference but chose not to. 
He admitted the NSA’s public image has been damaged, but claimed only 35 employees are authorized to review phone surveillance queries, and only 22 who can actually approve the monitoring of specific phone numbers. 
Their reputation has been tarnished,” he said. “But you can help us articulate the facts properly. I will answer every question to the fullest extent possible, and I promise you the truth: What I know, what we’re doing, and what I cannot tell you because we don’t want to jeopardize the future of our defense.” 
US Congressmen admitted frustration with Alexander earlier this year when the NSA chief offered the vague assertion that the data collection has “helped thwart dozens of terrorist events.”  
Alexander maintained the surveillance is legal because it was approved by the secret Foreign Intelligence Surveillance Court, which approved 1,748 surveillance applications of the 1,789 it received. 
I’ve heard the court is a rubber stamp,” he said. “I’m on the other end of that table, against the table of judges that don’t take any – I’m trying to think of a word here – from even a four-star general. They want to make sure that what we’re doing comports with the constitution and the law. I can tell you from the wire brushing I’ve received, they are not a rubber stamp.” 
Alexander claimed the agency has the capability to monitor its own employees, a somewhat odd revelation in light of a recent claim from an NSA staffer who denied they could search staff emails. Pro Public filed and Freedom of Information Act request seeking emails between employees and the National Geographic channel, which reporters suspect of airing sympathetic documentaries on the NSA. 
There’s no central method to search an email at this time with the way our records are set up, unfortunately,” an NSA spokesperson said last week, a claim seemingly at odds with Alexander’s speech. 
The assumption is our people are just out there wheeling and dealing,” he said Wednesday. “Nothing could be further from the truth. We have tremendous oversight over these programs. We audit the actions of our people 100 per cent.”


No comments:

Post a Comment